LDAP within a virtual host

on 08.04.2008 11:37:14 by Adrian Marsh

Hi All,

I'm trying to teach myself ldap and virtual hosting. If I set up a
standard httpd.conf file with just the below in it, then the ldaps lookup
is successful:


AuthBasicProvider ldap
#DAV svn
#SVNParentPath /home/SVN
#SVNIndexXSLT "/svnindex.xsl"
AuthType Basic
AuthzLDAPAuthoritative off
AuthName "Subversion"
#AuthUserFile /etc/svn-auth-file
AuthLDAPURL "ldaps://ubiq-serv1.company.local/DC=company,DC=local?sAMAccountName?sub?(objectClass=*)" NONE
AuthLDAPBindDN "CN=ldapuser,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=company,DC=local"
AuthLDAPBindPassword *******
#
Require valid-user
#

#AuthzSVNAccessFile /tmp/svntest


However, if I wrap it into a virtual host, I get 500 messages back from
the server:


DocumentRoot /var/www/testhtml
ServerName testserv.company.local
CustomLog logs/svn_logfile "%t %{SVN-ACTION}e %u" env=SVN-ACTION
CustomLog logs/testserv_log combined


# Other directives here


AuthBasicProvider ldap
#DAV svn
#SVNParentPath /home/SVN
#SVNIndexXSLT "/svnindex.xsl"
AuthType Basic
AuthzLDAPAuthoritative off
AuthName "Subversion"
#AuthUserFile /etc/svn-auth-file
AuthLDAPURL "ldaps://ubiq-serv1.company.local/DC=company,DC=local?sAMAccountName?sub?(objectClass=*)" NONE
AuthLDAPBindDN "CN=ldapuser,OU=SBSUsers,OU=Users,OU=MyBusiness,DC=company,DC=local"
AuthLDAPBindPassword *****
#
Require valid-user
#

#AuthzSVNAccessFile /tmp/svntest




In the error log I get:

[Tue Apr 08 00:14:22 2008] [warn] [client 192.168.117.1] [12209]
auth_ldap authenticate: user marsh authentication failed; URI /abc
[LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]



But a tcpdump shows that there's not even an attempt to contact our LDAP
server.

I know that the VirtualHost directives are taking effect as the normal
logs are written out to the testserv_log file, and it is mapping to /abc

I just don't get why the virtualhost ldaps lookup is failing...

I also tried dropping it back to ldap instead of ldaps to see if it was
the SSL wrapper, but that makes no difference either.

Any ideas??

Thanks,

Adrian

Re: LDAP within a virtual host

on 08.04.2008 18:40:16 by Adrian Marsh

ok... solved this one..

It was a stupid networking fault caused by VMware suddenly deciding not
to resolve DNS. Re-pointed it and this works. However I have a separate
question about LDAP/Virtual machines and SSL that I'll post separately.

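
Added example, not part of the original thread or of the poster's setup: a small check that extracts the LDAP hosts from AuthLDAPURL directives and reports whether each one resolves, since an unresolvable name produces "Can't contact LDAP server" with no traffic visible in tcpdump. The function names and the sample configuration text are assumptions constructed for illustration.

```python
import re
import socket

# Constructed sample mirroring the directive quoted in the thread.
SAMPLE_CONF = '''
AuthBasicProvider ldap
AuthLDAPURL "ldaps://ubiq-serv1.company.local/DC=company,DC=local?sAMAccountName?sub?(objectClass=*)" NONE
'''

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def ldap_endpoints(conf_text):
    """Return (scheme, host, port) for every host named in AuthLDAPURL lines."""
    endpoints = []
    for line in conf_text.splitlines():
        line = line.strip()
        if line.startswith("#"):  # skip commented-out directives
            continue
        m = re.match(r'AuthLDAPURL\s+"?(ldaps?)://([^/"]*)', line, re.IGNORECASE)
        if not m:
            continue
        scheme = m.group(1).lower()
        # The URL may list several space-separated hosts for failover.
        # IPv6 literals are not handled in this sketch.
        for hostport in m.group(2).split():
            host, _, port = hostport.partition(":")
            endpoints.append((scheme, host, int(port) if port else DEFAULT_PORTS[scheme]))
    return endpoints


def check_resolution(endpoints, resolver=socket.getaddrinfo):
    """Map each (host, port) to its resolved addresses, or to the resolver error."""
    report = {}
    for _scheme, host, port in endpoints:
        try:
            infos = resolver(host, port, type=socket.SOCK_STREAM)
            report[(host, port)] = sorted({info[4][0] for info in infos})
        except socket.gaierror as exc:
            # No address means no packet ever leaves for the LDAP server.
            report[(host, port)] = f"DNS failure: {exc}"
    return report


if __name__ == "__main__":
    for target, result in check_resolution(ldap_endpoints(SAMPLE_CONF)).items():
        print(target, "->", result)
```

Run it as the same user and on the same host (or VM) as httpd, so it uses the resolver configuration the web server sees.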